How do you do....it? Thread, Redirect URLS BYOD Network? in Technical; Originally Posted by FN-GM
Does pfSense captive portal need to use a username and password? I don't want to use ...
13th November 2012, 10:56 PM #31
No, it doesn't. You can set it not to ask for a username and password and just redirect traffic to another location; we've had it set up like that before.
Originally Posted by FN-GM
Untangle is good but not as good as Pf; it's a lot heavier on resources and doesn't seem as intuitive.
We have pfSense on 3 different SSIDs and on three different VLANs. The problem is that if you use the standard user manager in the Web GUI then the same user can authenticate on any of the SSIDs... not always desirable. But if you go to packages and install FreeRadius you can use that as the authentication for captive portal instead, and can set RADIUS to listen to a certain interface / MAC address. If you do it right, and you have different VLANs tied to different SSIDs, you can get the authentication to work separately on each different SSID.
pfSense can also act as an 802.1x server, so it will drop you onto the right VLAN once you authenticate, making locking things down a lot easier.
Pf also has the DG and Squid proxy for filtering (again in the packages); just click add package and configure. I have used DG and Squid on pfSense before; the joy is you get a nice Web GUI.
pfSense supports SSL also. I'd urge people to build a pfSense box and have a play... you'll be pleasantly surprised at how powerful it is. I was also watching a DefCon vid the other night: some guys were trying to hack into enterprise-level routers and got into some of them using back doors, and all of a sudden one guy said something about how they have never yet gotten into a pfSense router as they are so secure! Added bonus!
And as I say, we've got this up & running in a few hotspots around the city; with the captive portal page being fully customizable it works great! It's so easy to manage that we have non-admin staff able to manage the basic aspects of adding users to captive portal if they need to. Any problems, because OpenVPN comes with pfSense we just VPN in and solve any issues.
Last edited by cpjitservices; 13th November 2012 at 11:01 PM.
13th November 2012, 11:03 PM #32
Sounds like I should forget the Untangle build and go directly to PF....
Watch this space.
Thanks to twin--turbo from:
cpjitservices (13th November 2012)
13th November 2012, 11:05 PM #33
It's exactly what I want. I set the DG as the VLAN DG, that's no problem. But how would pfSense get to the client? How would the clients talk to pfSense to know to get redirected automatically?
Originally Posted by twin--turbo
13th November 2012, 11:19 PM #34
The way pfSense works is you assign the captive portal onto an interface, ETH0 for example, so any traffic that hits ETH0 will be intercepted and hit with Captive Portal.
So if you set your DG to the VLAN DG and that VLAN is assigned to an interface in PF (which it will be) and you set Captive Portal to listen on that interface, then you're banging - any traffic hitting that interface will need to go through Captive Portal or be redirected.
@twin--turbo - if you need any help with pfSense let me know - I've spent many an hour working with it and it hasn't let me down so far.
Below is an example of someone adding captive portal onto the LAN interface; the Web GUI has been massively improved since this image (luckily).
Pfsense Interface Assign
Last edited by cpjitservices; 13th November 2012 at 11:23 PM.
13th November 2012, 11:27 PM #35
For those interested, you can also use Pf as a basic UTM, although I've never done it, but you can get anti-virus packages and web filtering... and more, but I can't remember off the top of my head. Google pfSense as UTM and you'll see some examples.
13th November 2012, 11:36 PM #36
How would you go about this please? I'm trying to learn more about Cisco kit so taking baby steps here. Would a static route do the trick?
that VLAN is assigned to an interface in PF (which it will be)
13th November 2012, 11:45 PM #37
It's been a while since I touched on Cisco, but with Cisco routers and VLANs you can do router on a stick and use a subinterface; for example int fa0/0.1 would be a subinterface of FA 0/0,
or change the 1 to the VLAN number.
On the switches you'd go into
int fa */*
switchport mode access
switchport access vlan 10
I think that's correct - that will assign that VLAN to that interface - I may stand corrected as it's been a longggg time since I did VLANs on Cisco. I do have VLANs on Cisco but it was done that long ago I can't remember.
The switches I'm on about here are Layer 2 and not Layer 3; on my Juniper EX2200 (Layer 3) you just go into the port or group of ports and assign to a VLAN-ID and then just Tag out uplink port with all the VLANs for it to trunk them.
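The router-on-a-stick layout described in the post above, written out as an added example that is not part of the original thread. VLAN 10 comes from the post; the interface numbers, the VLAN name and the 192.0.2.0/24 addressing are constructed for illustration.

```cisco
! Added example: interface numbers, VLAN name and addressing are constructed.
! VLAN 10 is the VLAN number used in the post.

! --- Router: one physical link, one subinterface per VLAN ---
interface FastEthernet0/0
 description Trunk to switch (no IP on the parent interface)
 no ip address
 no shutdown
!
interface FastEthernet0/0.10
 description Gateway for VLAN 10
 encapsulation dot1Q 10
 ip address 192.0.2.1 255.255.255.0
!
! --- Layer 2 switch ---
vlan 10
 name BYOD
!
interface FastEthernet0/1
 description Client-facing access port in VLAN 10
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/24
 description Uplink to router Fa0/0, carries only VLAN 10
 switchport mode trunk
 switchport trunk allowed vlan 10
```

On switches that support both ISL and 802.1Q, `switchport trunk encapsulation dot1q` has to be set on the uplink before `switchport mode trunk` is accepted. Limiting the trunk's allowed VLAN list keeps other VLANs off the link to the router.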
13th November 2012, 11:55 PM #38
OK, yeah, I have that; assigning a VLAN to a port is easy. I am just confused how the BYOD client gets to pfSense, this bit I can't grasp. It won't be by the DG because you need that to be set to the VLAN DG. How does the traffic actually hit pfSense?
14th November 2012, 08:35 AM #39
You either assign the pfSense as the DG and have its DG as the VLAN interface IP.
Or put pfSense in as a transparent bridge, stick one of its ports on your VLAN and then connect the other port to a downstream switch for your BYOD; that way all traffic passes through it before hitting the Cisco.
Thanks to twin--turbo from:
FN-GM (14th November 2012)
14th November 2012, 10:10 AM #40
There are that many releases of pfSense, what do I pick? Will this do? - pfSense-2.0.1-RELEASE-amd64.iso.gz Thanks
Last edited by FN-GM; 14th November 2012 at 10:12 AM.
14th November 2012, 10:13 AM #41
Yes, that one or the i386, depending on your hardware.
14th November 2012, 10:18 AM #42
VMware, so might as well go 64 bit. Thanks
Originally Posted by twin--turbo
14th November 2012, 10:24 AM #43
Talking about your diagram on the other thread. I don't want a BYOD switch as such, as BYOD will be located in a lot of areas, so I want to keep to a BYOD VLAN. I put the pfSense server in the BYOD VLAN, the clients' DG will be pfSense and pfSense's DG will be the VLAN interface. For this setup do I need 2 NICs in pfSense?
14th November 2012, 10:25 AM #44
14th November 2012, 10:26 AM #45
You can do it by not having a VLAN interface on the BYOD VLAN (preventing it routing) and bridging the Pf between one of the other VLANs on the switch and the BYOD VLAN.